Forget what you've learned about password security. A simple pass code with nothing more than lower-case letters may be all you need - provided you use 12 characters.
That's the conclusion of security consultant David Campbell, who calculated the cost of waging a brute-force attack on various types of passwords using cloud …

COMMENTS

Pass phrases...

I have typically recommended that people use actual phrases rather than passwords for things exactly like this. First, phrases are easy to memorize; second, they are very long and can easily contain upper, lower, numbers and symbols; and third, it would be very difficult for an attacker to use a key logger to find the password.

One of my old passwords was "Send form 36-b to accounting.". Such a password would cost about $2.43*10^43 to crack and would take so long that the password would have been changed several times already.

Bruteforcing?

Why?

Why would the criminals bother brute forcing passwords when many people are still stupid enough to submit their credentials to phishing sites?

This would need to be done in conjunction with another hack, for example if they get hold of all the hashed passwords for a particular site, they could attempt to brute force them all wholesale, assuming that there will be a certain percentage of weak ones.

Bruteforce

Certainly a mega-bruteforce effort can theoretically generate the correct password eventually - however it still needs to be applied. Might take rather a long time, even if the username is known - alright, root is root, but it would average ~10^35 attempts to break into my fileserver even if root was exposed to the outside (which it's not) and also supposing fail2ban didn't notice (all this assuming that the universe hasn't ended by then, as I'm assuming at a generous 100000 login attempts a second a time of ~10^23 years!) - although I guess hardware and broadband speeds will have improved a tad in maybe 10^10 years.

File security might be a different matter - but you still need to recognize that the decryption has succeeded.

(Memorising very long random passwords is the answer - I'm afraid I can't remember what the question is.)

Time and tide

Choice of key length is dependent not only on the intrinsic value of the data it protects, but also on the length of time for which protection is needed. For example, the message "We attack at dawn" may be of incalculable value to the enemy, but only if it can be decrypted within 24 hours. The CIA (are alleged to) have documents that must be protected not just for the lifetime of the agents they refer to, but for the lifetimes of all their children.

$1.5m to brute force a 12-character password

Re: Pass phrases...

That passphrase has very low entropy:

http://en.wikipedia.org/wiki/Passphrase

Given 1.1 bits per character plus some extras for the dot, dash and digits, I think 52 bits would be generous. That's about the same as 11 characters chosen randomly from lowercase a-z, which according to this article costs $60,000 to crack. Having said that, the search through the keyspace would be slower than just trying sequential keys.

If you really need a password cheap and quick

Bad assumptions

The study is based on some misguided assumptions. Firstly, that the criminals will depend on a pay-for-service supercomputer to crack a single password.

If they were intent on using supercomputers to crack passwords en masse, I will posit that it is more probable that the criminals will employ any of the myriad mechanisms available (trojan horses, botnets, social engineering, the black-market, etc.) to steal the password of an Amazon EC2 account, and then roll with it.

Crime is only that expensive if the criminals play by your normal rules, which nothing says they have to.

A glaring flaw in his assumption

His cracking application might be able to handle 9.36 billion keys per hour but what real-world server will process even a fraction of that many login attempts per hour? Even assuming no anti-hacking measures swing into action, I would suggest that even 100 attempts per second would tax most server applications.

So his actual EC2 bill is going to be several orders of magnitude bigger than his theoretical calculations.

Wrong

The cost given would be the cost if every single one of the possible combinations was tried. Assuming a brute force attack consists of first trying "aaaaaaaaaa" then "aaaaaaaaab" then this would only be true if the password was "zzzzzzzzzz" - which is unlikely.

Then again, are crackers clever enough to use random attacks? Sounds like 'zzzzzzzzzz' is going to become my password of choice from now on.

Not quite wrong

Typically the measurement you want is the time taken to search half the keyspace, which gives you the average time to find a password. So divide his results by two and you've got a useful answer.

As for the "no server would let you log in 9.36m times a second", that's not the idea here. Say someone has broken into a server, got hold of /etc/shadow, and now wants to crack the passwords (to attack another computer with the same user accounts). It's strictly a CPU-bound problem, although once you've got /etc/shadow you've got root anyway, so it's much easier to install a compromised sshd or logind daemon to capture passwords as they're entered.

A shame he didn't answer the more interesting question, which is the cost taken to brute force an RSA private key from a public one. Given public keys are, well, public, it's an attack you can perform without the target even realising they're under attack.

zzzzzzzzzz

> Then again, are crackers clever enough to use random attacks? Sounds like 'zzzzzzzzzz' is
> going to become my password of choice from now on.

Attackers will try simple passwords and common combinations from a dictionary first. That will get 80% of all passwords, including yours, with almost no effort. Only the remaining 20% needs any sort of force.

Problem is..

Repetition

I read somewhere a long time ago (a quiet afternoon reading some whitepaper on good and bad passwords) that repetition within passphrases is bad as once a character is cracked it's then decryptable for all occurrences in the phrase.

Hence 'zzzzzzzzzz' would be buggered as soon as the brute force gets the first z.

Why use the slow EC2?

I mean really. The high end nVidia cards using CUDA can do 2 billion MD5s per second. That comes out to over 7 trillion per hour. For a grand in graphics cards (SLI) you can do 14 trillion MD5s in an hour. SHAs and better will slow it down some, but it is far quicker than the measly 9.3 billion per hour that his software is calculated to use. In under 16 hours you can brute force an 8 character alpha-numeric MD5 with SLI.
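The arithmetic behind three of the arguments in this thread (the half-keyspace average from "Not quite wrong", the 52-bit passphrase estimate from "Re: Pass phrases...", and the 16-hour GPU figure above), as an added example that is not code from the article or any commenter; the guess rates are the ones quoted in the comments, and the per-character entropy weights in `passphrase_bits` are assumptions.

```python
"""Brute-force arithmetic for the figures argued over in this thread.

Added example, not code from the article or any commenter. Guess rates are
the ones quoted in the comments (9.36e9 keys/hour for the EC2 tool, 14e12
MD5/hour for two GPUs); the entropy weights in passphrase_bits are assumptions.
"""
import math

LOWERCASE = 26      # a-z
ALPHANUMERIC = 62   # a-z, A-Z, 0-9

def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passwords of exactly this length."""
    return alphabet_size ** length

def hours_to_search(space: int, rate_per_hour: float, average: bool = True) -> float:
    """Hours to hit the password at a fixed guess rate: half the keyspace for
    the expected case (the 'Not quite wrong' point), the whole keyspace for
    the worst case ('zzzzzzzzzz')."""
    guesses = space / 2 if average else space
    return guesses / rate_per_hour

def implied_hourly_price(total_cost: float, space: int, rate_per_hour: float) -> float:
    """Back out the compute price per hour behind a quoted full-keyspace cost."""
    return total_cost / hours_to_search(space, rate_per_hour, average=False)

def equivalent_random_length(bits: float, alphabet_size: int) -> float:
    """Length of a uniformly random password carrying the same entropy."""
    return bits / math.log2(alphabet_size)

def passphrase_bits(phrase: str, letter_bits: float = 1.1, other_bits: float = 4.0) -> float:
    """Rough entropy of an English passphrase: 1.1 bits per letter or space
    (the figure the 'Re: Pass phrases' reply uses) plus an assumed 4 bits for
    each digit or punctuation mark."""
    return sum(letter_bits if c.isalpha() or c == " " else other_bits for c in phrase)

if __name__ == "__main__":
    space12 = keyspace(LOWERCASE, 12)
    print(f"12 lowercase: {space12:.3g} keys, ~{hours_to_search(space12, 9.36e9):.3g} h on average")
    print(f"implied compute price: ${implied_hourly_price(1.5e6, space12, 9.36e9):.2f}/h")
    gpu_hours = hours_to_search(keyspace(ALPHANUMERIC, 8), 14e12, average=False)
    print(f"8-char alphanumeric MD5 on two GPUs: {gpu_hours:.1f} h worst case")
    bits = passphrase_bits("Send form 36-b to accounting.")
    print(f"passphrase ~{bits:.0f} bits, like {equivalent_random_length(bits, LOWERCASE):.1f} random lowercase chars")
```

Both the $1.5m (12 lowercase) and $60,000 (11 lowercase) figures back out to the same ~$0.15/hour, so the article's numbers are at least internally consistent; the passphrase lands well under the 52 bits the reply called generous.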

Long passwords

I hate websites that limit the length of passwords, e.g. 'Your password must be 6-8 characters'. Far too many of them about still. And far too many that store them unhashed and send you a plain text reminder.

@Moore's Law idiots: Just remember what Moore's law *really* says: "The number of people misquoting Moore's Law will double every 18 months". Go Google it, morons.